Azure Logs & Threat Hunting
I've recently started working with the log and security tools in Microsoft Azure, and it's been quite a learning process: there are a lot of tools, terms and systems to get your head around. To start with, here are some of the useful ones:
- Azure Sentinel - A SIEM that can take logs from a wide variety of sources, including Azure Log Analytics, Office 365, Windows/Linux VMs, Syslog, firewalls etc.
- Azure Log Analytics - A database which can receive, store and query logs from a number of Azure services
- KQL (Kusto Query Language) - The syntax for querying the logs; it looks a little odd if you're used to SQL but is actually quite logical
- Azure Security Centre - A dashboard that presents best-practice recommendations for an Azure environment
- Azure ATP - a
- Windows Defender ATP - While Windows Defender is normally just an antimalware solution, the ATP version is a significantly different beast: it's an EDR service which presents a lot of data for investigating unusual behaviours
- Azure Notebooks - Effectively just Jupyter Notebooks hosted in Azure with some useful libraries pre-installed. They support Python, F# and R. You can also embed KQL queries
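To show the KQL pipeline style mentioned above in a threat-hunting context, here is an added example (not from the original post) that runs in Log Analytics or Sentinel against the standard Azure AD `SigninLogs` table; the 10-failure threshold and the 24-hour window are assumptions chosen for illustration.

```kql
// Accounts with repeated failed sign-ins in the last 24 hours.
// Each "|" pipes the rows into the next operator, which is the main
// difference from SQL's nested SELECT ... WHERE ... GROUP BY form.
// ResultType is a string in SigninLogs: "0" means the sign-in succeeded.
SigninLogs
| where TimeGenerated > ago(24h)
| where ResultType != "0"
| summarize
    Failures   = count(),
    DistinctIPs = dcount(IPAddress),
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated)
    by UserPrincipalName
| where Failures >= 10        // assumed threshold; tune for your tenant
| order by Failures desc
| project UserPrincipalName, Failures, DistinctIPs, FirstSeen, LastSeen
```

The same query pasted into an Azure Notebook cell prefixed with `%%kql` (after loading the Kqlmagic extension) returns the result set as a DataFrame for further analysis in Python.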